Does the HIPAA Privacy Rule affect you?
You should be familiar with the Health Insurance Portability and Accountability Act, also known as HIPAA, but do you know how its Privacy Rule affects you? The U.S. Department of Health and Human Services (HHS) has worked diligently since HIPAA became law to regulate privacy standards in the healthcare industry. When you think of the word privacy, many things may come to mind, such as closing the door during a patient's consultation or keeping your voice down while discussing a patient's treatment with fellow staff members. The Privacy Rule goes further than that: it governs how protected health information (PHI) may be used and disclosed, in any form, on paper, in conversation, or in an electronic record. As a covered entity, it is your responsibility to protect the privacy of your patients, and since the HITECH Act your business associates who handle PHI on your behalf share that responsibility.
Six ways in which you can implement a culture of privacy:
During your day-to-day operations you need to know how to build a culture of privacy in your practice and comply with the law. Every employee, in every role, needs to be practicing HIPAA compliance, because a single receptionist or billing clerk who mishandles a record exposes the whole practice. Here are six ways in which you can implement a culture of privacy.
- Provide HIPAA training to every employee, including new hires, and keep documentation showing that each staff member completed it. The Privacy Rule requires both the training and the records of it, so an auditor will ask for the records.
- Ensure that your entire staff knows what patient information can and cannot be shared, both inside and outside the workplace. Treatment, payment, and health care operations are permitted uses; most other uses are not without the patient's written permission.
- Obtain a signed HIPAA authorization from the patient before using or disclosing PHI for any purpose that the law does not already permit, including most marketing. Note that the document HIPAA requires for this is an authorization, not a general consent form, and it must state what information is being released, to whom, and for what purpose.
- Stay current on changes in the law regarding disclosure restrictions, and update your patient authorization forms whenever a new restriction takes effect.
- Educate your patients and give them a clear outline of how they can request or obtain a copy of their medical records. Under the Privacy Rule's right of access you must respond to such a request within 30 days, with at most one 30-day extension.
- Give your staff only the minimum necessary access to PHI that their role requires to deliver quality healthcare. The "minimum necessary" standard applies to what your staff use, what they disclose, and what they request from others, so role-based access in your records system is the practical way to meet it.
It is your responsibility to maintain professional, top-quality healthcare for all parties involved while staying compliant with the law. Practicing the culture of privacy every day is how your practice stays current and minimizes the chance of a data breach. As a covered entity you need to be aware of the consequences of non-compliance. They range from significant monetary fines to criminal penalties, including jail time, as well as a damaged reputation. In addition, the law imposes strict breach notification requirements: affected individuals must be notified without unreasonable delay and no later than 60 days after the breach is discovered, HHS must be notified, and a breach affecting 500 or more residents of a state must also be reported to prominent media outlets in that state.
In the event of a breach, you may be investigated by the HHS Office for Civil Rights (OCR), which enforces the Privacy Rule, and by the Department of Justice if criminal violations are suspected. Since the HITECH Act, state attorneys general can also bring civil actions for HIPAA violations on behalf of their residents. Depending on the results of the investigation, you may face penalties. Here are some penalties and consequences that may apply.
- Civil penalties under HIPAA are tiered by culpability. They start at 100 dollars per violation when the entity did not know, and could not reasonably have known, about the violation, and rise to 50,000 dollars per violation for willful neglect that is not corrected. A violation that continues over time counts as a separate violation for each day it continues, and the annual cap is 1.5 million dollars for all violations of an identical provision. These statutory amounts are adjusted upward for inflation, so the current figures are higher.
- Loss of patient trust and repeat business due to damage to your reputation.
Millions of dollars in fines could cause you to lose your livelihood and your business. A bad reputation would stop repeat business and keep new patients from coming. These penalties and consequences are avoidable, and quality healthcare is attainable, if you comply with the law and practice the culture of privacy every day. Remember to instill a culture of privacy in your office and follow the Five Steps to HIPAA Compliance every year.